A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify
complex vulnerabilities that may exist in the payment system being internally developed. The
payment system being developed will be sold to a number of organizations and is in direct
competition with another leading product. The CEO highlighted, in a risk management meeting
that code base confidentiality is of upmost importance to allow the company to exceed the
competition in terms of product reliability, stability and performance. The CEO also highlighted that
company reputation for secure products is extremely important. Which of the following will provide
the MOST thorough testing and satisfy the CEO’s requirements?
A.
Use the security assurance team and development team to perform Grey box testing.
B.
Sign a NDA with a large consulting firm and use the firm to perform Black box testing.
C.
Use the security assurance team and development team to perform Black box testing.
D.
Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.